The invention relates to the field of automated communications with touchscreen devices, for example touchscreen devices using capacitive sensing.
Personal digital assistants (or PDAs) are generally known. PDAs are mobile devices offering personal information manager capabilities. Typically, a PDA has an electronic visual display (or display for short) and more generally various user interfaces.
Newer products also have audio capabilities and can be used as mobile phones (“smartphones”) or portable media players. Today, almost all PDAs are smartphones. Also, most PDAs have the ability to connect to the Internet and include a web browser. In fact, many PDAs can access the Internet, intranets or extranets via Wi-Fi or Wireless Wide Area Networks.
Many PDAs use touchscreen technology. A touchscreen (or touch-sensitive display) is an electronic display sensing the location of a touch event within the display area. Usually, touching the display is done with a finger. Touchscreens can also sense passive objects such as a stylus. Touchscreens are typically used in devices such as all-in-one computers, tablet computers, PDAs and smartphones. There are a variety of touchscreen technologies, e.g., resistive, capacitive, infrared, etc.
Capacitive sensing is perhaps the most used technology for PDAs. A capacitive touchscreen panel comprises an insulator such as glass, coated with a transparent conductor, e.g., indium tin oxide. Touching the surface of the screen with a conductor (the human body is also an electrical conductor) results in a distortion of the electrostatic field of the screen, which can be measured as a change in capacitance.
Security problems with PDAs (just like PCs) make them unsuitable for many functions, since data entered by users can be manipulated or copied by an attacker. For example, transactions can be changed to send money to unwanted recipients or to order unwanted goods, or user credentials can be copied, providing attackers with access to systems such as those used for Internet banking. Beyond PDAs, touch-sensitive displays are becoming increasingly prevalent in many electronic devices, ranging from smartphones, tablet PCs or laptops to special-purpose devices such as ATM machines, the displays acting as human interface devices.
Such general-purpose devices tend to be online and are used to access data online on the go. Based on the data gathered, decisions are made. It is therefore highly desired that the data displayed is genuine, e.g., has not been tampered with by some virus or Trojan software. Yet, given that such devices are often freely programmable, it is usually not possible to prevent users from downloading applications from untrusted sources. This may introduce malicious software that alters the touchscreen device's operation to the extent that its display may not show genuine data, but data that has been tampered with on the touchscreen device. To prevent this kind of attack, which is already quite common on PCs, a secured network connection between the touchscreen device and the data-providing server is not sufficient, as the manipulation can be carried out locally by malicious software running on the touchscreen device.
For online transactions, for example, a solution which has been developed is the so-called Zone Trusted Information Channel (or ZTIC for short). The ZTIC is a secure, non-programmable device for the authentication of transaction data. Since the ZTIC maintains a secured end-to-end network connection to the server, the ZTIC itself is tamper-proof against malicious software attacks, and, as it has its own input and output components independent of the host it connects to, the data shown on the ZTIC display is genuine. More details can be found in, e.g., “The Zurich Trusted Information Channel—An Efficient Defence against Man-in-the-Middle and Malicious Software Attacks”, by Thomas Weigold, Thorsten Kramp, Reto Hermann, Frank Wiring, Peter Buhler, Michael Baentsch, in P. Lipp, A.-R. Sadeghi, and K.-M. Koch (Eds.): TRUST 2008, LNCS 4968, pp. 75-91, Springer-Verlag Berlin Heidelberg, 2008.
The ZTIC security concept usually depends on the identification of a reasonably small subset of the data visible on the touchscreen device, e.g., transaction data in the case of online banking. Typically, the server prescribes which data is considered critical (and accordingly requires explicit off-host verification) and which data is not critical. For web services in general, for example, this scheme may not be the most practical as it is not always possible to define a reasonably small subset of critical data or to detect crucial information for explicit confirmation automatically. In particular, this scheme is not practical for web sites.